Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Manually test static signing credentials from x509 certs #1602

Open
josephdecock opened this issue Sep 20, 2024 · 1 comment
Open

Manually test static signing credentials from x509 certs #1602

josephdecock opened this issue Sep 20, 2024 · 1 comment
Assignees
Labels
Milestone

Comments

@josephdecock
Copy link
Member

In the main host, if you comment in AddStaticSigningCredential and then make a jwks discovery request, an exception is thrown:
CryptographicException: m_safeCertContext is an invalid handle.

In the debugger, at the point of loading the certificate, it looks good. E.g., in IdentityServerExtensions, after using var rsaCert = new X509Certificate2("./testkeys/identityserver.test.rsa.p12", "changeit");, the rsaCert is good. However, at the point of using the cert in DiscoveryResponseGenerator, it appears to be invalid: var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData); is where the exception is thrown, and the x509Key.Certificate in the debugger is completely invalid - all properties throw an exception.

Note: hosts\main\TestKeys\identityserver.test.rsa.p12 and hosts\main\TestKeys\identityserver.test.ecdsa.p12 seem to have been generated with mkcert -pkcs12 identityserver.test.rsa and mkcert -pkcs12 -ecdsa identityserver.test.ecdsa on Dom's machine, but he now reproduces the error, and the problem exists for me if I regenerate the keys with those commands. I've tested as far back as the 6.3.x release branch and reproduced this.

@josephdecock
Copy link
Member Author

Labeling this internal for now - we have no reports of issues in the wild, so my hope is that we can fix this by generating the cert differently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant